package com.cy.pj.sys.service.realm;

import com.cy.pj.sys.dao.SysMenuDao;
import com.cy.pj.sys.dao.SysUserDao;
import com.cy.pj.sys.pojo.SysUser;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authz.AuthorizationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.Set;

//@Component
public class ShiroRealm extends AuthorizingRealm {
    @Autowired
    private SysUserDao sysUserDao;
    @Autowired
    private SysMenuDao sysMenuDao;

    /**
     * 获取并封装认证信息
     * @param authenticationToken 为封装了客户端认证信息的一个令牌对象
     * @return
     * @throws AuthenticationException
     */
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        //1.获取用户提交的认证用户信息(用户名)
        UsernamePasswordToken upToken = (UsernamePasswordToken) authenticationToken;
        String username = upToken.getUsername();
        //2.基于用户名查询从数据库用户信息
        SysUser sysUser = sysUserDao.selectUserByUsername(username);
        //3.判断用户是否存在
        if (sysUser == null)
            throw new UnknownAccountException();//账户不存在
        //4.判断用户是否被禁用
        if (sysUser.getValid() == 0)
            throw new LockedAccountException();
        //5.封装认证信息并返回
        ByteSource credentialsSalt = ByteSource.Util.bytes(sysUser.getSalt());
        SimpleAuthenticationInfo info =
                new SimpleAuthenticationInfo(
                        sysUser, //principal 传入的用户身份(基于业务设置)
                        sysUser.getPassword(),//hashedCredentials 已加密的凭证()
                        credentialsSalt,//credentialsSalt (做了编码处理的加密盐对象)
                        this.getName());//获取当前类的名字(可以省略this.)
        return info;
    }

    /**重写此方法的目的是对用户输入的登录密码进行加密，需要算法*/
    @Override
    public CredentialsMatcher getCredentialsMatcher() {
        HashedCredentialsMatcher matcher = new HashedCredentialsMatcher();
        matcher.setHashAlgorithmName("MD5");
        matcher.setHashIterations(1);
        return matcher;
    }
    //也可以在构造方法中通过调用set方法设置加密策略
//    public ShiroRealm(){
//        HashedCredentialsMatcher credentialsMatcher=
//                new HashedCredentialsMatcher("MD5");
//        credentialsMatcher.setHashIterations(1);
//        setCredentialsMatcher(credentialsMatcher);
//    }

    /**
     * 查询用户在RequiresPermissions注解上写的权限，来读取权限进行操作
     * @param principalCollection
     * @return
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        //1.获取登录用户(登录时传入的用户身份是谁)
        SysUser user= (SysUser) principalCollection.getPrimaryPrincipal();
        //2.基于登录用户 id 获取用户权限标识
        Set<String> stringPermissions= sysMenuDao.selectUserPermissions(user.getId());
        if (stringPermissions==null){
            throw new AuthorizationException();
        }
        //3.封装数据并返回
        SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
        info.setStringPermissions(stringPermissions);
        return info;
    }
}
